Add a bundled cacert.pem as a last resort option
parent
306ba77e93
commit
470fb58273
File diff suppressed because it is too large
|
@ -110,6 +110,9 @@ class Compiler
|
||||||
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php'));
|
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php'));
|
||||||
}
|
}
|
||||||
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php'));
|
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php'));
|
||||||
|
|
||||||
|
$this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../res/cacert.pem'), false);
|
||||||
|
|
||||||
$this->addComposerBin($phar);
|
$this->addComposerBin($phar);
|
||||||
|
|
||||||
// Stubs
|
// Stubs
|
||||||
|
|
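Review bot: The added `addFile($phar, new \SplFileInfo(__DIR__ . '/../../res/cacert.pem'), false)` call freezes a CA trust store into the phar at build time, and nothing on the line records where the bundle came from or how current it is. A comment such as `// CA bundle snapshot, added unmodified; refresh from its upstream source before each release` would make the maintenance duty visible. The trailing `false` presumably turns off whitespace stripping, but `addFile()` is declared outside the hunk, so confirm and say so in the comment. As a style point, the neighbouring calls write `__DIR__.'/…'` without spaces around the dot, and the new line should match.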
|
@ -50,7 +50,7 @@ class ConfigValidator
|
||||||
// validate json schema
|
// validate json schema
|
||||||
$laxValid = false;
|
$laxValid = false;
|
||||||
try {
|
try {
|
||||||
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO
|
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO - can't configure here obviouslyS
|
||||||
$manifest = $json->read();
|
$manifest = $json->read();
|
||||||
|
|
||||||
$json->validateSchema(JsonFile::LAX_SCHEMA);
|
$json->validateSchema(JsonFile::LAX_SCHEMA);
|
||||||
|
|
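Review bot: The reworded TODO on the `new JsonFile(...)` line ends in a stray `S` ("obviouslyS") and does not say what cannot be configured. Judging from the call, `Factory::createRemoteFilesystem($this->io)` receives no configuration, so TLS options such as the cafile would fall back to auto-detection here; confirm that against the factory. If so, a wording like `// TODO: no config is available here, so TLS options (e.g. cafile) fall back to auto-detection` states the limitation a later reader needs.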
|
@ -486,15 +486,28 @@ class RemoteFilesystem
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attempt to find a local cafile or throw an exception.
|
* Attempt to find a local cafile or throw an exception if none pre-set
|
||||||
* The user may go download one if this occurs.
|
* The user may go download one if this occurs.
|
||||||
*/
|
*/
|
||||||
|
if (!isset($this->options['ssl']['cafile'])) {
|
||||||
$result = $this->getSystemCaRootBundlePath();
|
$result = $this->getSystemCaRootBundlePath();
|
||||||
if ($result) {
|
if ($result) {
|
||||||
|
if (preg_match("|^phar://|", $result)) {
|
||||||
|
$tmp = rtrim(sys_get_temp_dir(), '\\/');
|
||||||
|
$target = $tmp . DIRECTORY_SEPARATOR . 'composer-cacert.pem';
|
||||||
|
$cacert = file_get_contents($result);
|
||||||
|
$write = file_put_contents($target, $cacert, LOCK_EX);
|
||||||
|
if (!$write) {
|
||||||
|
throw new TransportException('Unable to write bundled cacert.pem to: '.$target);
|
||||||
|
}
|
||||||
|
$options['ssl']['cafile'] = $target;
|
||||||
|
} else {
|
||||||
$options['ssl']['cafile'] = $result;
|
$options['ssl']['cafile'] = $result;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
throw new TransportException('A valid cafile could not be located automatically.');
|
throw new TransportException('A valid cafile could not be located automatically.');
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Disable TLS compression to prevent CRIME attacks where supported.
|
* Disable TLS compression to prevent CRIME attacks where supported.
|
||||||
|
@ -560,15 +573,22 @@ class RemoteFilesystem
|
||||||
'/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
|
'/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
|
||||||
'/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option)
|
'/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option)
|
||||||
'/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
|
'/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
|
||||||
|
__DIR__.'/../../../res/cacert.pem', // Bundled with Composer
|
||||||
);
|
);
|
||||||
|
|
||||||
static $found = false;
|
static $found = false;
|
||||||
|
$configured = ini_get('openssl.cafile');
|
||||||
|
if ($configured && strlen($configured) > 0 && is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
|
||||||
|
$found = true;
|
||||||
|
$caBundle = $configured;
|
||||||
|
} else {
|
||||||
foreach ($caBundlePaths as $caBundle) {
|
foreach ($caBundlePaths as $caBundle) {
|
||||||
if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
|
if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
|
||||||
$found = true;
|
$found = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if ($found) {
|
if ($found) {
|
||||||
$found = $caBundle;
|
$found = $caBundle;
|
||||||
}
|
}
|
||||||
|
|
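Review bot: The phar branch of the first hunk copies the trust-anchor bundle to a fixed name, `composer-cacert.pem`, in the shared temp directory, so on a multi-user host another local account that owns or symlinks that path beforehand can influence which CAs the TLS context trusts or where the write lands. Creating the file under an unpredictable private name (or in a per-user directory) and checking the `file_get_contents()` result before writing avoids that, as sketched below; the file then needs removing when the process ends. Separately, in the second hunk the new `openssl.cafile` test reads `$caBundle` before anything visible assigns it, so the configured path is never the one validated; it should read `is_readable($configured) && \openssl_x509_parse(file_get_contents($configured))`. Both enclosing methods start outside the hunks, so the `$this->options` versus `$options` mix in the first one could not be checked.

```php
if (preg_match("|^phar://|", $result)) {
    $cacert = file_get_contents($result);
    if ($cacert === false) {
        throw new TransportException('Unable to read bundled cacert.pem from: '.$result);
    }
    // tempnam() creates a new file with an unpredictable name instead of reusing a shared path
    $target = tempnam(sys_get_temp_dir(), 'composer-cacert');
    if ($target === false || file_put_contents($target, $cacert, LOCK_EX) === false) {
        throw new TransportException('Unable to write bundled cacert.pem to: '.$target);
    }
    $options['ssl']['cafile'] = $target;
} else {
    // … unchanged: use $result as the cafile …
```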